Merge branch 'master' of github.com:gchq/stroom

Author: stroomdev66

stroom-app/src/main/java/stroom/app/commands/AbstractStroomBaseCommand.java

@@ -91,9 +91,9 @@ protected void run(final Bootstrap<Config> bootstrap,
                 runCommand(bootstrap, namespace, config, childInjector);
             } catch (final Exception e) {
                 final String msg = "Error running command "
-                        + commandName
-                        + ": " + e.getMessage()
-                        + ". Check logs for more detail.";
+                                   + commandName
+                                   + ": " + e.getMessage()
+                                   + ". Check logs for more detail.";
                 error(LOGGER, msg, e);
                 System.exit(1);
             }
@@ -243,19 +243,29 @@ protected String argsToString(final Namespace namespace) {
                     })
                     .sorted(Entry.comparingByKey())
                     .map(entry ->
-                            "--" + entry.getKey() + " " + argValueToString(entry.getValue()))
+                            "--" + entry.getKey() + " " + argValueToString(entry.getKey(), entry.getValue()))
                     .collect(Collectors.joining(" "));
         }
     }
 
-    final String argValueToString(final Object value) {
+    protected String obfuscateArgValue(final String argName, final String value) {
+        if ("password".equals(argName)) {
+            return "*****";
+        } else {
+            return value;
+        }
+    }
+
+    final String argValueToString(final String argName, final Object value) {
+        final String str;
         if (value instanceof final List<?> listVal) {
-            return listVal.stream()
+            str = listVal.stream()
                     .map(item -> "'" + item.toString() + "'")
                     .collect(Collectors.joining(" "));
         } else {
-            return value.toString();
+            str = value.toString();
         }
+        return obfuscateArgValue(argName, str);
     }
 
     /**

stroom-app/src/main/java/stroom/app/commands/ResetPasswordCommand.java

@@ -21,6 +21,7 @@
 import stroom.security.api.SecurityContext;
 import stroom.security.identity.account.AccountDao;
 import stroom.util.logging.LogUtil;
+import stroom.util.shared.NullSafe;
 
 import com.google.inject.Injector;
 import event.logging.AuthenticateAction;
@@ -47,7 +48,7 @@ public class ResetPasswordCommand extends AbstractStroomAppCommand {
 
     private static final String COMMAND_NAME = "reset_password";
     private static final String COMMAND_DESCRIPTION = "Reset the password of the user account " +
-            "in the internal identity provider";
+                                                      "in the internal identity provider";
 
     private static final String USERNAME_ARG_NAME = "user";
     private static final String PASSWORD_ARG_NAME = "password";
@@ -97,9 +98,15 @@ protected void runSecuredCommand(final Bootstrap<Config> bootstrap,
                                      final Namespace namespace,
                                      final Config config,
                                      final Injector injector) {
-
         final String username = namespace.getString(USERNAME_ARG_NAME);
+        if (NullSafe.isEmptyString(username)) {
+            throw new RuntimeException("Username must be provided");
+        }
+
         final String newPassword = namespace.getString(PASSWORD_ARG_NAME);
+        if (NullSafe.isEmptyString(newPassword)) {
+            throw new RuntimeException("Password must be provided");
+        }
 
         LOGGER.debug("Resetting password for account {}", username);
 

unreleased_changes/20260225_111746_905__0.md

@@ -0,0 +1,61 @@
+* Bug : Fix missing arg validation on reset_password CLI command. Obfuscate password in logging.
+
+
+```sh
+# ONLY the top line will be included as a change entry in the CHANGELOG.
+# The entry should be in GitHub flavour markdown and should be written on a SINGLE
+# line with no hard breaks. You can have multiple change files for a single GitHub issue.
+# The  entry should be written in the imperative mood, i.e. 'Fix nasty bug' rather than
+# 'Fixed nasty bug'.
+#
+# Examples of acceptable entries are:
+#
+#
+# * Bug **#123** : Fix bug with an associated GitHub issue in this repository.
+#
+# * Bug **namespace/other-repo#456** : Fix bug with an associated GitHub issue in another repository.
+#
+# * Feature **#789** : Add new feature X.
+#
+# * Bug : Fix bug with no associated GitHub issue.
+#
+#
+# Note: The line must start '* XXX ', where 'XXX' is a valid category,
+#       one of [Bug Feature Refactor Dependency Build].
+
+
+# --------------------------------------------------------------------------------
+# The following is random text to make this file unique for git's change detection
+# Mgi76uWLK90Kf5W9qyaYs3OPTPKuI3f08Gscby9bmOGVxDUauvo9SxoXwIJkOwoTXCTZZos1wEfPZUdD
+# e3rCfe9XqSdcB4h2iDXcnm7R9Sdj3aWbebZM5D6nUbVAGMCMjGdMznVIjcBMJHl0ebD5ViJzqt3vueHP
+# s0xSRUVl5edfRioK23FDDh9iYTmCUQ7tslBq7fbyrUsGuzYNQysXO8lssQf3M4ajNXK4mnSDc9XLaa6i
+# ZgVNsxRo8NStOgsXOGtlsxO3lQPiKLogaUYSukgHBq9OJjnKq0mzEUyN8CjIVko4cQwflYYqzYqRpfGR
+# vayc7lixUaMDcMvMbGcHmsnEzekQ3TD7IjllORLn87txXzSSE4ROPpRvRdUWA6g2WpsCFVcXUTyjgEqr
+# t2Kd8yrhnIZmKFZqyvJliGKqyPm7zETmA8ZEepz39mZm2RQo0RvPUBCLLQNSFe2OKznI2s2SxSd9WA7A
+# bLyPzZXurKmIr98cSLxS5oMdP8NkFCax9GF6WiTBzz87qg3K0aaS832NrX7iNfY3slJzv12DBJzS6uIA
+# nGbNXIYpooPKlHunMsgFQPLdOWKD5G5EwhaBS1JgUJsdpgZ6GgpFSmTxqpqcivKAOGkf0p2kBYLZHO40
+# Wd6Pk19D74LDJZVyFOUxUuFMxZ6C39vawBWxcOUbThVnlQOXaABNXBGq7KQiDyZcOK1kBbRs16PdveNX
+# 9l9XsAaW84mBUax4FfPI1GLNzXdSvBrzehvOJUiDtlTSxq8AOKLaaT1Lv6SbAtfPwZODQiKfrFpqYHRB
+# g37oKTXyOtWKLOFUN3Zh9EaXmlslRuUDQOnlvP0Q3pWZV5WQ5dcoiik2OAPVIrogE5POj4CKgkpkPKFv
+# JhfrVtiqFRTiKsR2mhl5uT3y3h1uRQ9IHWgob5ThCndiUUzimkkhBxXos63CkljGOVqo0f72SJSfjApu
+# 4S0BzqdyWK7kojtfyfHoTHRVwL2YnelAqTia9MboMn0ZAzQnG7vymHCl6fjwzW4KCc6WSXKWNVlbHbev
+# bZ8TJPhxCEBZFbqZ75BGXl5T10mzHEGglxk7QEHvrAUi1xuyBTl8pBd0mzB8M47hym6np9ZxGoflKYYS
+# jyEFW3a9c7tsPVXCpcCVZW8uLGt0kHvvfCXE2znRZO6yNFRohtX4Z9wYW65azr0KAXRfrCv7khkKRJRo
+# RXf02ZhhPUd0kKbvubXNVl6R1l3o5OIj1gVp6a6GoU1x2zBwkMroajDyQ2xtqoWosu8unCNQkwnronYW
+# ZaYJM4UIXY9rA7Zmlf05jTwa8KULFfGZrFEfJBtROHRLq7jc8MpR1QsGdXazaDO4ohr60ZIRMLC9wegD
+# 5A5c8iMeeRiY4Tqwi0JxJ3VkoBfy8DzZhTgna4VSv6yJPlyTBUsIiArrKDvuGnlCPEoPxbShtGK8qxxB
+# AlQvBGnNFg97HS5vxbEIchJuqAEtVsHhV2jobFmDHRCmX04sonQ5HZTo5CJWv5ef99kFWYlvzHueIvwt
+# KZAcjVUB8ObD7OyJ2Rw77hI5C7U0op8sasSotuXSWkLnIaweWHsdg7TOLD5a9hmWiIdqqFAHsOpq3hTY
+# ZIkw5ebIRcdoRNL7DMJkAUwMuMAEvIl1TLFewSwZuEFPGULaRCvGxIcRFVYUmkgPLB14StGJGSMJcDwz
+# 6W8I7xAW8h8ExgEqbiPIt3ySA6aMiawbXGgHNglCX7JoBjRkyHoDWSriVfHlsntQzJo27oU6fOnHqDmz
+# mKVallVh8hFlFA7wqDbAMTuwvcveDhpL1gInBZ1k8QcDSTKXseuBPvvUVReJaW0yOXuXbHP28wxl4NSP
+# XscAe4S8Jtw8BvNVMkS7FRr0QbcKhgCBj4ifwAi9RhHeC519bwT5MT0XDhqzWJMpoYRWJdCctxLuWZKi
+# IWG0unL7fCo7KmFb9NtwqlQZtGWVYX59KOnUCNDsPK5l2nFgELOaj6zBseQZFzd53aHt6BVgB77BuPK0
+# cgIVFfp4Nnrrl9ROL5ZM5dTOCA1ryW4iNNnnx9otVS9tB8XQdtQg9cxmI8mArXjvRC7MvDsikHw1KSG9
+# aFf0CCoLtpow71IUyaBg6XDxfKDYAXWsuky0nVtbwXEGSAXJBmXaKEqAihv0WAvlDjxzRuA7FUJPbnFT
+# fkjqzdEKjvwrBx55UlDCCZdfPn5rkCxf12sN2e2m0WiWlMyzmhJVQjKExItjSSNt0ugeAXxvZjbUb38S
+# Pj5KQ46VuaRHftBGYKgIbG0dyznPLS2RmgnhcUxiZfhgylGEDUXHkIKATWAQgnYebfzK6tmXZFBJHGUN
+# bxZkqvfRu1l6h95VxgjBKwJryNHwwMWl6uNC0vsXnTFUq5EYGGPy0jq32Hvl4ZjLfQYLchHw3qEk3YY7
+# --------------------------------------------------------------------------------
+
+```